Problem #1: System consistently hangs at "Starting DNS Resolver" when NIC is "connected" at boot

if plain, straight-forward install from ISO and reboot, WAN is configured, but sysytem hangs at "Starting DNS Resolver"

if NIC is "disconnected" (at hypervisor), boot completes (after slight delay at bringing up WAN and "Starting DNS Resolver"), then system operates as normal (up to a point - read below) when NIC is reconnected (i.e. web configuration wizard although it also hangs at the last "redirect" step) - note that DNS Resolver services shows as "not started" after a forced reboot (while repeating the whole "NIC disconnect, reconnect dance")

renaming /usr/local/sbin/unbound* "solves" the hang, but then I cannot disable it via web UI (complains about missing unbound-checkconf)

playback showunboundconfigplayback disableunboundplayback showunboundconfigUnfortunately, I am stuck again; I can ping the gateway or any other host, but I cannot access the web UI, even if I were to disable the firewall via shell (pfctl -d).

I am not using virtio drivers for now because there is no way to turn it off from the guest side except through the web UI (as far as I am aware); the issues I face here (with e1000 emulation) means I cannot even get to the web UI.

Fact is, I originally tried with virtio but fell back to e1000 (recreating the entire VM also, just in case) trying to troubleshoot the pesky unbound "Starting DNS Resolver" hanging problem... For what it is worth, I have disabled every offload setting in all NICs on the hypervisor (/etc/network/interfaces snippet for every NIC, bondn and brniface as follows) and I am still facing this issue (of web UI not being accessible).

# disable hardware offloading for virtio compatibility offload-tx off offload-rx off offload-tso off offload-ufo off offload-lro off offload-sg off offload-gro off offload-gso off offload-rxvlan off offload-txvlan off offload-ntuple off offload-rxhash off

I will try with a complete rebuild (again) and see if I can establish a reliable step-by-step. What I do not understand is why unbound is causing so much grief - and considering it is the "default", why I do not see others having the same issue.

Hoping someone can help point me towards debugging/logging the answer...